Update zeroize_derive (#2625)

## Issue Addressed NA ## Proposed Changes As `cargo audit` astutely pointed out, the version of `zeroize_derive` were were using had a vulnerability: ``` Crate: zeroize_derive Version: 1.1.0 Title: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s Date: 2021-09-24 ID: RUSTSEC-2021-0115 URL: https://rustsec.org/advisories/RUSTSEC-2021-0115 Solution: Upgrade to >=1.2.0 ``` This PR updates `zeroize` and `zeroize_derive` to appease `cargo audit`. `tiny-bip39` was also updated to allow compile. ## Additional Info I don't believe this vulnerability actually affected the Lighthouse code-base directly. However, `tiny-bip39` may have been affected which may have resulted in some uncleaned memory in Lighthouse. Whilst this is not ideal, it's not a major issue. Zeroization is a nice-to-have since it only protects from sophisticated attacks or attackers that already have a high level of access already.
2026-05-08 09:16:00 +00:00 · 2021-09-25 05:58:37 +00:00
parent fe52322088
commit 924a1345b1
7 changed files with 16 additions and 12 deletions
--- a/crypto/eth2_keystore/Cargo.toml
+++ b/crypto/eth2_keystore/Cargo.toml
@@ -13,7 +13,7 @@ pbkdf2 = { version = "0.8.0", default-features = false }
 scrypt = { version = "0.7.0", default-features = false }
 sha2 = "0.9.1"
 uuid = { version = "0.8.1", features = ["serde", "v4"] }
-zeroize = { version = "1.1.1", features = ["zeroize_derive"] }
+zeroize = { version = "1.4.2", features = ["zeroize_derive"] }
 serde = "1.0.116"
 serde_repr = "0.1.6"
 hex = "0.4.2"